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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims: 

Claim 1 (Currently Amended): An apparatus for key management comprising: 

(a) a multitude of key registers; 

(b) a multitude of type fields, wherein each type field is associated with a key register[[s]]; 

(c) a key management controller; 

(d) key management algorithms; and 

( e ) a plurality of key management functions , said plurality of key management functions 
including a plurality of unwrap operations: 

wherein the type of an unwrapped key produced is determined by which one of said plurality . 
of unwrap operations is used. 

Claim 2 (original): The apparatus according to claim 1 wherein each type field contains at least 
one of the values including KK, DK, and null. 

Claim 3 (original): The apparatus according to claim 2 wherein the contents of a key register 
with an associated type field whose value is KK is used to encrypt and decrypt the contents 
of other key registers. 

Claim 4 (original): The apparatus according to claim 1 wherein said key management functions 
include an unwrap function, said unwrap function including: 
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(a) a wrapped key parameter for specifying an unwrapping key; 

(b) a type parameter for specifying an unwrapping key type; 

(c) an index parameter for specifying where to store the unwrapped key; and 

(d) a wrapped key index parameter for specifying a wrapped key; 

said unwrap function capable of unwrapping the wrapped key using the specified unwrapping 
key and an algorithm determined by the unwrapping key type. 

Claim 5 (original): The apparatus according to claim 1 wherein said key management functions 
include a wrap function, wherein said wrap function includes: 

(a) an index parameter for specifying a wrapping key; and 

(b) a wrapping key index parameter for specifying a wrapping key key; 

said wrap function capable of wrapping the wrapping key using the specified wrapping key 
key. 

Claim 6 (original): The apparatus according to claim 1 wherein said key management functions 
include a data encryption function, said data encryption function includes: 

(a) a data parameter for specifying encryption data; and 

(b) a key index parameter for specifying an encryption key; 

said encryption function capable of encrypting the specified encryption data using the 
specified encryption key. 

Claim 7 (original): The apparatus according to claim 1 wherein said key management functions 
include a data decryption function, wherein said data decryption function includes: 
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(a) a cipher parameter for specifying a cipher for decryption; and 

(b) a key index parameter for specifying a decryption key; 

said decryption function capable of decrypting the specified cipher using the specified 
decryption key. 

Claim 8 (original): The apparatus according to claim 1 wherein said key management functions 
include a data load function, wherein said data load function includes: 

(a) a key parameter for specifying a plaintext key; and 

(b) an index parameter for specifying a destination key register; 

said data load function capable of loading the specified plaintext key into the destination key 
register. 

Claim 9 (original): The apparatus according to claim 1 wherein said key management functions 
include a register clear function, wherein said register clear function includes an index 
parameter for specifying a key register, and is capable of clearing the specified key register 
and an associated type field. 

Claim 10 (original): The apparatus according to claim 1 wherein said key management functions 
include an initialize function, wherein said initialize function is capable of: 

(a) clearing said multitude of key registers; 

(b) storing a specified plaintext key in an indexed register; and 

(c) storing a KK value in the type field associated with the indexed register 
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Claim 11 (original): The apparatus according to claim 1 wherein said multitude of key registers 
has a hierarchy. 

Claim 12 (original): The apparatus according to claim 1 1 wherein said contents of a key register 
can only be used to wrap the contents of a lower hierarchical level key register. 

Claim 13 (original): The apparatus according to claim 1 1^ wherein said hierarchy has more than 
one root. 

Claim 14 (original): The apparatus according to claim 1 wherein a key management function 
uses a key management algorithm determined by the value stored in the type field associated 
with the key register being operated on by said key management function. 

Claim 15 (original): The apparatus according to claim 1 wherein said apparatus uses public key 
negotiation protocols to share new keys with other key management apparatuses. 

Claim 16 (original): The apparatus according to claim 1 wherein said key management 
algorithms includes an encryption algorithm for wrapping a DK with a KK, wherein the 
wrapped data key = EKK(EKK(DK)). 

Claim 17 (original): The apparatus according to claim 1 wherein said key management 
algorithms include a decryption algorithm for unwrapping a DK with a KK, wherein the 
wrapped data key = EKK(EKK(DK)). 
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Claim 1 8 (original): The apparatus according to claim 1 wherein said key management 
algorithms include encryption and decryption algorithms that use a bitwise exclusive-or 
operator. 

Claim 19 (Currently Amended): A method for key management comprising the steps of: 

(a) storing a data key in a key register; 

(b) storing a[[n]] data type for said data key in an associated type field; 

(c) storing a key key in a key register; 

(d) storing a key type for said key key in an associated type field; and 

(e) performing one of a plurality of kev management functions on at l e ast on e k e y r e gist e r 
using a key management algorithm , said plurality of kev management functions including a 
plurality of unwrap operations; 

wherein the type of an unwrapped kev produced is determined by which one of said plurality 
of unwrap operations is used . 

Claim 20 (original): The method according to claim 19 wherein said data type is at least one of 
the values including KK> DK, and null. 

Claim 21 (original): The method according to claim 19, wherein said step of performing a key 
management function includes performing an unwrap function, said unwrap function 
includes the steps of: 

(a) retrieving an unwrapping key from a key register; 
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(b) retrieving an unwrapping key type; 

(c) determining where to store an unwrapped key; 

(d) retrieving a wrapped key; and 

(e) unwrapping the wrapped key using the unwrapping key and an algorithm determined by 
the unwrapping key type. 



Claim 22 (original): The method according to claim 19, wherein said step of performing a key 
management function includes performing a wrap function, wherein said wrap function 
includes the steps of: 

(a) retrieving a wrapping key; 

(b) retrieving a wrapping key key; and 

(c) wrapping the wrapping key using the wrapping key key. 



Claim 23 (original): The method according to claim 19, wherein said step of performing a key 
management function includes performing a data encryption function, said data encryption 
function includes the steps of: 

(a) retrieving data for encryption; 

(b) retrieving an encryption key; and 

(c) encrypting the data using the encryption key. 

Claim 24 (original): The method according to claim 19, wherein said step of performing a key 
management function includes performing a data decryption function, wherein said data 
decryption function includes the steps of: 
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(a) retrieving a cipher; 

(b) retrieving a decryption key; and 

(c) decrypting the cipher using the decryption key. 

Claim 25 (original): The method according to claim 19, wherein said step of performing a key 
management function includes performing a data load function, wherein said data load 
function includes the steps of: 

(a) retrieving a plaintext key; 

(b) determining a destination key register; and 

(c) loading the specified plaintext key into the destination key register. 

Claim 26 (original): The method according to claim 19, wherein said step of performing a key 
management function includes performing a register clear function, wherein said register 
clear function includes the steps of: 

(a) clearing a specified key register; and 

(b) clearing an associated type field. 

Claim 27 (original): The method according to claim 19, wherein said step of performing a key 
management function includes performing an initialize function, wherein said initialize 
function includes the steps of: 

(a) clearing a multitude of key registers; 

(b) storing a specified plaintext key in an indexed key register; and 

(c) storing a KK value in the type field associated with the indexed register. 

-8- 



PAGE 10/20 * RCVD AT 12/21/2004 4:23:50 PM [Eastern Standard Time] * SVR:USPTO-EFXRF-1/5 * DNIS: 8729306 * CSID: 571 3230071 * DURATION (mm-ss): 05-54 



DEC-21 04 17:19 FROM: 



5713230071 



TO: 17038729306 



PftGE:ll 



Appl. No. 09/599,124 

Amdt. dated August 1, 2004 

Reply to Office Action of June 23, 2004 



Claim 28 (original): The method according to claim 19, wherein said key register is part of a 
hierarchy of key registers. 

Claim 29 (original): The method according to claim 28, wherein said contents of the key register 
can only be used to wrap the contents of a lower hierarchical level key register. 

Claim 30 (original): The method according to claim 28, wherein said hierarchy has more than 
one root. 

Claim 31 (original): The method according to claim 19, wherein the step of performing a key 
management function further includes using a key management algorithm determined by the 
value stored in the type field associated with the key register being operated on by said key 
management function. 

Claim 32 (original): The method according to claim 19, further including the step of sharing new 
keys with other key management apparatuses using public key negotiation protocols. 
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